Google fixes two critical Chrome flaws

By Justin Mann on
Update: We mistakenly reported earlier that one of the flaws in the Chrome browser could have lead to system-wide code execution. As one of its most significant built-in security measures, the Chrome browser adds an extra layer of security for HTML rendering and JavaScript execution called the sandbox. In other words, while the reported vulnerability could have resulted in unauthorized code execution, it would have been confined to the boundaries of the sandbox, according to Google's release documentation.

Without much fanfare, Google has pushed out an update for Chrome that will seal up two vulnerabilities which could have posed a serious risk. The flaws, present in the V8 JavaScript engine that Chrome relies upon, could result in data compromise or even worse, total system compromise through code execution.

One flaw pertained to potentially fraudulent HTTPS sessions, and the more dangerous of the two could be triggered by visiting a maliciously-crafted page with certain XML content. Google has pushed out version 2.0.172.43 of Chrome already, making it available for download to anyone who uses Chrome. If you haven't updated already, it's a good idea to snag it.

Interestingly, Google is crediting how they discovered the flaws. Mozilla's security team was apparently responsible for alerting Google to one problem, and a security researcher was credited with discovering the other. That may be only a small note, but it is encouraging to see browser developers working together in some fashion.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.